Title: Unchecked Buffer in ASP.NET Worker Process (Q322289)
Date: 06 June 2002
Software: .NET Framework
Impact: Denial of service, potentially run code of attacker"s choice
Max Risk: Moderate
Bulletin: MS02-026
Microsoft encourages customers to review the Security Bulletin at:
https://www.microsoft.com/technet/security/bulletin/MS02-026.asp
ASP.NET is a collection of technologies that help developers to build web-based applications. Web-based applications, including those built using ASP.NET, rely on HTTP to provide connectivity. One characteristic of HTTP as a protocol is that it is stateless, meaning that each page request from a user to a site is reckoned an independent request. To compensate for this, ASP.NET provides for session state management through a variety of modes.
One of these modes is StateServer mode. This mode stores session state information in a separate, running process. That process can run on the same machine or a different machine from the ASP.NET application. There is an unchecked buffer in one of the routines that handles the processing of cookies in StateServer mode. A security vulnerability results because it is possible for an attacker to seek to exploit it by mounting a buffer overrun attack. A successful attack could cause the ASP.NET application to restart. As a result, all current users of the web-based application would see their current session restart and their current session information would be lost.